Re: bioctl should retry passphrase

Thu, 13 Jan 2011 22:00:02 -0800 

On Friday 14 January 2011, Ted Unangst wrote:
> If I type the wrong password into bioctl at boot, disks don't exist,
> filesystems don't get mounted, and generally lots of things go wrong.  All
> I need is a second chance to remind me to type the right password.

Huh? Both you and Marco rejected this last year and when I last checked there 
was no bioctl included in /etc/rc... I guess we need to decide if bioctl 
should behave like su/passwd, sudo or like something else.

==

Re: bioctl patch (inline) diff -uNp
From: Ted Unangst <ted.unan...@gmail.com>
To: merlyn <merlyn...@gmail.com>
CC: Marco Peereboom <sl...@peereboom.us>, tech@openbsd.org
Date: 2010-09-15 05:21
   
On Tue, Sep 14, 2010 at 3:46 PM, merlyn <merlyn...@gmail.com> wrote:
>> I am not a fan of this.  Why wouldn't you do this in the wrapping
>> script?
>
> Just because I think such a basic thing should be presend.
> And I'm not a fan of doing this in wrapping script.
> However I respect your decision.

I'm with Marco here.  Other command line tools don't ask questions
like this.  You just rerun the command.

==

> Index: bioctl.c
> ===================================================================
> RCS file: /home/tedu/cvs/src/sbin/bioctl/bioctl.c,v
> retrieving revision 1.98
> diff -u -r1.98 bioctl.c
> --- bioctl.c  1 Dec 2010 19:40:18 -0000       1.98
> +++ bioctl.c  13 Jan 2011 23:47:24 -0000
> @@ -699,6 +699,7 @@
>       int                     rv, no_dev, fd;
>       dev_t                   *dt;
>       u_int16_t               min_disks = 0;
> +     int                     retry = 0;
>
>       if (!dev_list)
>               errx(1, "no devices specified");
> @@ -738,6 +739,7 @@
>       if (level == 'C' && no_dev != min_disks)
>               errx(1, "not exactly one partition");
>
> +again:
>       memset(&create, 0, sizeof(create));
>       create.bc_cookie = bl.bl_cookie;
>       create.bc_level = level;
> @@ -802,8 +804,14 @@
>       memset(&kdfinfo, 0, sizeof(kdfinfo));
>       memset(&create, 0, sizeof(create));
>       if (rv == -1) {
> -             if (errno == EPERM)
> +             if (errno == EPERM) {
> +                     if (!retry) {
> +                             warnx("Incorrect passphrase. Try again.");
> +                             retry = 1;
> +                             goto again;
> +                     }
>                       errx(1, "Incorrect passphrase");
> +             }
>               err(1, "BIOCCREATERAID");
>       }

-- 

   "Stop assuming that systems are secure unless demonstrated insecure;
    start assuming that systems are insecure unless designed securely."
          - Bruce Schneier

Reply via email to